Malicious RTF / .BAT — malware analysis report

Static analysis result for SHA-256 9d91209bf40d3daf…

MALICIOUS

RTF / .BAT

Size: 530 B
Authoring application: Msftedit 5.41.15.1515
MD5: 7649dd1af414d95fb5f18f2fd36387c8
SHA-1: 7ce9689b4f00df58d70b6802b5976364a98f8c68
SHA-256: 9d91209bf40d3dafe85748cfedf43b505dc2d282f99bb4a014c822fa0d072cea
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.003 Windows Command Shell

The sample is an RTF file containing a batch script. The script renames existing executables, sets them to hidden, and then copies itself in their place, potentially to disguise a malicious payload or evade detection. The CLAMAV_DETECTION heuristic further supports its malicious nature.

Heuristics (1)

  • ClamAV: Legacy.Trojan.Trojan-92 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Legacy.Trojan.Trojan-92